Comments (dotnet#102325)

* Comments * Update src/coreclr/nativeaot/Runtime/clrgc.enabled.cpp Co-authored-by: Jan Kotas <[email protected]> --------- Co-authored-by: Jan Kotas <[email protected]>
fanyang-mono · May 16, 2024 · 7c5d205 · 7c5d205
1 parent 189d768
commit 7c5d205
Show file tree

Hide file tree

Showing 2 changed files with 18 additions and 0 deletions.
diff --git a/src/coreclr/nativeaot/Runtime/clrgc.enabled.cpp b/src/coreclr/nativeaot/Runtime/clrgc.enabled.cpp
@@ -120,6 +120,15 @@ HRESULT GCHeapUtilities::InitializeStandaloneGC()
     NewArrayHolder<char> moduleNameHolder(moduleName);
     if (!modulePath)
     {
+        //
+        // This is not a security feature.
+        // The libFileName originates either from an environment variable or from the runtimeconfig.json
+        // These are trusted locations, and therefore even if it is a relative path, there is no security risk.
+        //
+        // However, users often don't know the absolute path to their coreclr module, especially on production. 
+        // Therefore we allow referencing it from an arbitrary location through libFilePath instead. Users, however
+        // are warned that they should keep the file in a secure location such that it cannot be tampered. 
+        //
         if (!ValidateModuleName(moduleName))
         {
             LOG((LF_GC, LL_FATALERROR, "GC initialization failed to load the Standalone GC library.\n"));

diff --git a/src/coreclr/vm/gcheaputilities.cpp b/src/coreclr/vm/gcheaputilities.cpp
@@ -171,6 +171,15 @@ HMODULE LoadStandaloneGc(LPCWSTR libFileName, LPCWSTR libFilePath)
         return CLRLoadLibrary(libFilePath);
     }
 
+    //
+    // This is not a security feature.
+    // The libFileName originates either from an environment variable or from the runtimeconfig.json
+    // These are trusted locations, and therefore even if it is a relative path, there is no security risk.
+    //
+    // However, users often don't know the absolute path to their coreclr module, especially on production. 
+    // Therefore we allow referencing it from an arbitrary location through libFilePath instead. Users, however
+    // are warned that they should keep the file in a secure location such that it cannot be tampered. 
+    //
     if (!ValidateModuleName(libFileName))
     {
         LOG((LF_GC, LL_INFO100, "Invalid GC name found %s\n", libFileName));